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REMARKS 

Petition for Extension of Time Under 37 CFR 1.136(a) 

It is hereby requested that the term to respond to the Examiner's Action of 
August 1, 2008 be extended one month, from November 1, 2008 to December 1, 
2008. 

The Commissioner is hereby authorized to charge the extension fee to Deposit 
AccountNo. 50-4364 and any additional fees associated with this communication to 
Deposit Account No. 09-0461 . 

In the Office Action, the Examiner indicated that claims 1 through 21 are pending in the 
application and the Examiner rejected all claims. 



Claim Objections 

On page 2 of the Office Action, the Examiner objected to claims 1-3,9-10, and 16-17 for 
various informalities. Applicant has amended the claims in accordance with the Examiner's 
suggestions. Accordingly, the Examiner is respectfully requested to reconsider and withdraw the 
objections to the claims. 



Claim Rejections, 35 U.S.C. § 103 

On page 3 of the Office Action, the Examiner rejected independent claims 1 , 8 and 1 5 under 
35 U.S.C. § 1 03(a) as being anticipated by U.S. Patent Application Publication No. 2003/02335 8 1 to 
Reshef et al. ("Reshef ' ) in view of U.S. Patent No. 7,096,503 to Magdych et al. On page 6 of the 
Office Action, the Examiner rejected claims 2, 9 and 16 under 35 U.S.C. § 103(a) as being 
unpatentable over Reshef in view of Magdych, and further in view of Applicants' Admitted Prior Art 



PATENT 

Application No. 10/795,776 



Docket No. RSW20030219US1 
Page 9 



(AAPA). On page 7 of the Office Action, the Examiner rejected claim 3-6, 10-13 and 17-20 under 
35 U.S.C. §103 (a) as being unpatentable over Reshef in view of Magdych, and further in view of 
U.S. Patent Application Publication No. 2004/0064722 to Neeley et al. ("Neeley"). On page 10 of 
the Office Action, the Examiner rejected claims 7, 14 and 21 under 35 U.S.C. §103 (a) as being 
unpatentable over Reshef in view of Magdych, and further in view of U.S. Patent Application 
Publication 2003/0236994 to Cedar et al. ("Cedar"). 

The Present Invention 

The present invention teaches a method and system for the automatic detection and 
correction of security vulnerabilities in both individual software components and across complex, 
multi-component software solutions. The present invention utilizes a plurality of vulnerability 
analysis and fortification tool (VAF) agents to analyze and proactively identify possible ways to 
attack a software component. Both legal (e.g., a registered user) and illegal (e.g., an unregistered 
user) interfaces are examined for vulnerabilities . Claim 1 recites "analyzing by a plurality of 
agents one or more software solutions to identify legal and illegal external interfaces thereto . . . 
wherein for each of said one or more software solutions, at least one separate agent is utilized. In 
other words, there is at least a one-to-one relationship wherein each software solution has a 
separate agent analyzing it. Similar amendments are made to independent claims 8 and 15. 

The claims require at least a one-to-one relationship between a software solution begin 
monitored and an agent (". . . wherein for each of said one or more software solutions, at least one 
separate agent is utilized.") Support for this claim language can be found on page 6, paragraph 
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[001 1] of the application as filed. This allows independent use of agents in a distributed system 
scattered over multiple locations. 

The Examiner asserts that Magdych teaches the claimed one-to-one relationship whereby 
each software solution is monitored by its own agent. This is incorrect. As is clear from reading 
Magdych, and in particular, the portions of Magdych cited by the Examiner, Magdych discloses a 
local computer having its own agent, not a separate agent for each program on the local computer. 
Applicant specifically claims a separate agent for each program, and neither Magdych nor any of the 
prior art teach or suggest the claimed one-to-one relationship. 

None of the prior art, taken alone or in combination, teaches or suggests such a novel and 
non-obvious arrangement. In light of the foregoing arguments, the Examiner is respectfully 
requested to reconsider and withdraw the rejections of the claims under 35 U.S.C. § 103(a). 



The present invention is not taught or suggested by the prior art. Accordingly, the Examiner 
is respectfully requested to reconsider and withdraw the rejection of the claims. An early Notice of 
Allowance is earnestly solicited. 



Conclusion 
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The Commissioner is hereby authorized to charge the extension fee to Deposit Account No. 
50-4364 and any additional fees associated with this communication to Deposit Account No. 09- 
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0461. 



Respectfully submitted, 



December 1.2008 



/Mark D. Simpson/ 
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